[英]C# how to get two column values by ID from a datatable
我对数据库和 SQL 了解不多,所以我想在这里寻求帮助,我知道这应该是基本知识,但作为新手,我不知道从哪里开始。
我在弄清楚如何从数据表中获取特定值时遇到问题,我已经使用以下代码在 form2 中获得了ID
:
cmd = new SqlCommand("select UserID from Users where UserName='" + textBox1.Text + "' and UserPassword='" + textBox2.Text + "'", cn);
object result = cmd.ExecuteScalar();
if (result != null)
{
loginresult = 1;
LoginUserID = Convert.ToInt32(result);
AdminRights = ???; //how can I get this value from datatable?
UserRights = ???; //how can I get this value from datatable?
this.Close();
}
现在在 form1 中,我想通过 ID 获取 AdminRights 或 UserRights 的值,我有以下代码:
private void button7_Click(object sender, EventArgs e) // Button to Form2
{
Form2 win_form2 = new Form2();
win_form2.ShowDialog();
if (win_form2.loginresult == 1)
{
label4.Text = string.Format("User ID: {0}", win_form2.LoginUserID.ToString()); // Gets and places specific user ID
if (win_form2.UserRights = 0 && win_form2.AdminRights = 1) // Check if the ID has AdminRights
label5.text = string.Format("Rights: {0}", "Admin") // If true, do the following
else if (win_form2.UserRights = 1 && win_form2.AdminRights = 0) // Check if the ID has UserRights
label5.text = string.Format("Rights: {0}", "User") // If true, do the following
}
}
我的数据表:
那么最后,如何访问数据表并在 form2 中获取 UserRights 和 AdminRights 值?
注意:我知道我有关于密码和 SQL 注入的非常危险的代码,现在我只希望它工作。
您可以按名称访问列,如下所示,使用模式或使用 ie 数据表(但请注意,您应该使用命令参数并且不要直接从用户输入将任何值放入查询中)
using (SqlConnection connection = new SqlConnection(
connectionString))
{
connection.Open();
SqlCommand command = new SqlCommand($"SELECT * FROM TABLE_NAME WHERE UserID = {your_user_id}", connection);
SqlDataReader reader = command.ExecuteReader();
while (_reader.Read())
{
// get the results of each column
var adminRights = reader["AdminRights "] as string;
var userRights = reader["AdminRights "] as string;
}
}
// usage with parameters
SqlCommand command = new SqlCommand("SELECT * FROM TABLE_NAME WHERE UserID =@user", sql);
command.Parameters.AddWithValue("@user", your_user_id);
您可以使用以下示例直接访问 SQl 列。
例子:
using (SqlConnection con = new SqlConnection(connectionString))
{
using (SqlCommand cmd = new SqlCommand("Select ....", con)) //Your SQL Query here
{
con.Open();
cmd.ExecuteNonQuery();
SqlDataReader dr = cmd.ExecuteReader();
if (dr != null)
{
while (dr.Read())
{
employee.AdminRights = dr["AdminRights"].ToString(); //This basically reads the SQL column into an "active reader"
employee.UserRights = dr["UserRights"].ToString();
}
}
}
con.Close();
}
另一种方法可能是使用SQL 中的变量并将它们作为参数添加到 Windows Forms 中。 阅读此答案
cmd.Parameters.Add(new SqlParameter("@AdminUser", empInfo.AdminUser));
cmd.Parameters.Add(new SqlParameter("@UserRights", empInfo.UserRights));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.